Virus? Description HTML:IFrame-U[Trj]

Viruses and worms
1

Help needed please! I use Avast 4.8 Free Home Edition.
The last couple of days Avast has twice flagged up the above “infection”.
The infected file properties are:
Orig.File Name:
4E89BD53-D613-4622-B777-AA4FC3CE2F7Ampavdlta.vdm.old.temp
Orig.Folder:
C:\WINDOWS\Temp\A6A2AD8C-B849-4277-8B51-2A8FE608B7B5-Sigs
Size of File:
2825384
Virus Description:
HTML:IFrame-U [Trj]
After the first warning I Quarantined the infection and later deleted it from my computer. No problems with my computer after that until tonight when the same apparent infection has been found by Avast again. This time I’ve left it in quarantine. Again my computer seems to be running normally.
There is one thing I am slightly suspicious of with this, and that is that the Avast warning came on each time during updates by Microsoft Security Essentials. This may be a total coincidence but can anyone help please. I’m not all that computer savvy so please spell it out simply.

2
during updates by Microsoft Security Essentials. This may be a total coincidence but can anyone help please.
why you should never run more than one AV http://www.bleepingcomputer.com/forums/index.php?s=49db784baecf17e7b189c833aafb624d&showtopic=260844&view=findpost&p=1441638
C:\WINDOWS\Temp\A6A2AD8C-B849-4277-8B51-2A8FE608B7B5-Sigs
Try cleaning tour temp files with TFC - Temp File Cleaner by OldTimer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html OBS: the computer will reboot

Check your computer for Malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update so you have latest database before you scan
click the remove selected button to quarantine anything found
if anything found you may post the scan log here

and i see you are still using avast 4.8 so why not install the new avast 5 …?
Avast! Free Antivirus 5.0.594 http://filehippo.com/download_avast_antivirus/

3

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.
4

Thanks Pondus & Tech.
My default browser is Firefox but I also have IE8. As a matter of course I habitually clean out my temp files from both after every session and also use CCleaner to mop up. I also use MBAM 1.46 and it has never picked up anything, nor has MS Essentials. On the subject of MS Essentials, I used to have Windows Defender, again comfortably alongside Avast and everything was ok. Curiously it seems only after I have dropped Defender for Essentials has Avast been flashing up the warnings. Worth ditching MS Essentials?
I will try what Tech has said and report back.
Thanks.
Nightshift

5

Yeah, post it back.

6
I used to have Windows Defender, again comfortably alongside Avast and everything was ok
Windows defender is not an AntiVirus Program
7

Windows Defender comes with Vista and Windows 7 and is un-necessary on XP.

I keep Windows Defender updated regularly on my Windows 7 system through its portal:
Latest definition version: 1.87.170.0
http://www.microsoft.com/security/portal/Definitions/ADL.aspx

I do not use Microsoft Security Essentials as it conflicts with avast! like Pondus says.

8

.

I would like to pursue this thread, even though I am not the OP. I wish to do so because I am having the exact same problem, except I have not done a recent update of my Microsoft Security Essentials.

I have had this “HTML:IFrame-U [Trj]” warning three time since 7/18, last time about an hour ago and it is shown to be in roughly the same location – “mpavdlta.vdm.old.temp”.

My research seems to indicate that “mpavdlta.vdm.old.temp” is related to Microsoft Security Essentials, no?

I have seen a number of times that the Avast Doctors don’t seem to like running Microsoft Security Essentials with Avast, but I have had no problems doing just that. I do all Microsoft updates myself, not automatically, but until 7/18 I haven’t had any reason to complain about Microsoft Security Essentials working side-by-side with my trusted Avast.

Let’s see, after the second warning and subsequent send off to the chest I did a thorough Avast scan and it came up clean and I did a SpyBot scan right after that and it came up clean.

But now, this.

So my first question is whether it is correct that the “mpavdlta.vdm.old.temp” file is Microsoft Security Essentials related?

By the way, the warnings have all flashed when I was doing different things, and this last time was the most puzzling because I was simply reading a Google/Gmail message that I seem to recall I had sent to myself.

Anyway, anyone know the answer to that “first question” just above? Thank you.

.

9

I don’t use MSE, so I can’t really check.

But if it is, then there is the possibility that it is updating (as you mention) its virus signatures and this process is unencrypted and why avast could detect them. That is after all what signature basses detections do, it is look for virus signatures and it has found some.

See http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/eeff1c32-d85c-4dd7-8636-fe6cd29ab6e9.

10

.

Thank you for the response, DavidR.

That technet thread you found was number two on my Google search list after the ADDSUM TECHNICAL SUPPORT MEMO from 2004, and it was that technet thread that first pointed me at an AntiVirus or AntiSpyware definition being the culprit, but when I did the search here and this thread came up and was the only result in this forum’s search engine and given that the OP here only experienced the problem recently I am wondering if there may be some new dynamic involved here that isn’t really clear to the Avast Gurus in the Avast Halls of Power, so I figured I best ask.

You see I have been using Micro’s Security Essentials side-by-side with my Avast since about December of last year and no problems at all, so I see another member has recently had problems, and I, as well … I covered that already, didn’t I?

So what does all this mean? Some other party’s virus definition is triggering an Avast warning? Or something else? I confess I am squeezing my homework on this in between other work and I’m no where near finding a definitive answer, yet. But any help here at Avast will sure be appreciated.

Plus, if any other members have only recently experienced this problem then we have the thread here with a very clear title, and that should be of some good, maybe.

.

11

Having two resident scanners installed is one too many and not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable. The fact that you have been luck in not having any conflict (though this could be termed one) is generally more down to luck, at least it is possible to disable the MSE resident status so it becomes on-demand and a backup scanner.

avast like the greatest majority of resident on-access AVs is scanning for virus signatures, so it doesn’t come as any surprise if other security signature updates (if they are unencrypted) will be detected. Files that are created/modified will be scanned by the File System Shield, that is the whole purpose on on-access/resident scanners.

The link if nothing else is just saying that virus signature updates can be detected other resident security applications. I didn’t read it in detail nor check the actual date of the article, nor did I go into a lot of digging into the many other hits on the google search as this one seemed to be what appears to be going on, detection of virus signature updates.

As I said I don’t use MSE so I can’t investigate this on a practical level and there is no way I will be installing MSE, that is a step too far for me an avast user.

12

I have had the same experience five times since 7/18. Coincidentally Microsoft Security Essentials has attempted to update (and failed) five times. I am able to update MSE manually with no problem.

13

with upgrade and update(s) respectively,yes likelihood of new dynamic - after all, that is what is intended, a new dynamic, or allowing for a new dynamic, or such like. So things will not always be the same (and not always equal, for example). The upgrade/update process sometimes result in pinpointing new or latent incompatibilities. I tested MSE when in early period of release and I found it to be compatible and could run side by side with avast, but is very likely that this is no longer the case. (A quick test recently returned outcome that suggest avast and MSE as resident installs are now incompatible. the alert I was given was orsam!rts - see towards end of the post http://forum.avast.com/index.php?topic=52252.msg519556#msg519556).

Under the circumstances, I can only recommend uninstall MSE (for time being, anyway)

14

Thanks guys! I came here trying to figure out what was going on, I’ve been getting this message past few days. I know now it’s because I have Microsoft Security Essentials trying to update as well. (I’m a noob)

Quick side question if any of you could answer, since i’ve already learned a lot from the previous posters. I’ve been reading some books lately on hacking, cyber security, etc. but it seems like most of them are outdated and don’t really teach me many practical things. I was hoping some people here could recommend some books or websites etc. Where do I start? Programming (what language should i start with?) Just any helpful advice on where or what to learn would be greatly appreciated since a lot of you guys seem really smart. I know it will take years and years but I want to get started. I’ll post this in general forum or whatever, sorry if it’s too off topic. I was just reading all the responses and wondering what you guys would recommend? Thanks a lot!

Sincerely,
Peace Love

15

Hello everyone on this thread with the same problem I have just posted in another Topic “FP with MSSE Updates” and have checked over the file that is moved to the Virus Chest and where they are moved or installed and it will always occurre with an update with my MSSE (Microsoft Security Essentials). I have set the sensitivity of each of the System Files (HIPS), WEB, and any other that scans the live, real time O/S to even below the normal setting to get the update in and installed, then set it back to HIGH where I like to keep it. That is the only problem I have found with Avast5 on my Win7 64bit O/S. MSSE has no problem working with Avast5, SUPERAntiSpyware, Spybot Search & Destroy on my system and I feel very safe, not completely because there is not any combination of all the programs out there can give a 100% guarantee of protection.

I just did not read over the list of threads to see there is another post of the same problem as I have,

TIA, CU L8R,
NTxLS